JSON Web Token Authentication

Introduction

The JSON Web Token (JWT) Authentication plugin enables authentication in Joget using a JSON Web Token payload. This plugin supports integrations with popular authentication providers such as Google and OKTA.

You can find the plugin's source code at GitHub: JSON Web Token Authentication.

This guide also includes a demonstration using Google and OAuth2 Proxy and has been tested to work with the OAuth2 Proxy available at OAuth2 Proxy GitHub.

Get started

Prerequisites

• You should have a Joget environment installed and running.
• The OAuth2 Proxy is configured, and you have access to the required credentials (Client ID and Secret).

Where to get the plugin

You can download the JWT Authentication plugin from JogetOSS Github Repository.

How to install

1. Click Download on this plugin screen (It will be a .jar file).
2. Go to your Joget localhost or server. In the Joget Console, go to Admin Bar > Systems Settings > Manage Plugins and click the Upload Plugins button.
3. Under Upload Plugin, select the plugin .jar file you downloaded and click Upload.
4. Depending on the plugin type, you can now view your new plugin in your form, List, or UI Builder.
5. Remember to uninstall the old plugin before uploading a new version.
6. The Joget Knowledge Base has more information on managing and developing plugins.

How to use it

Demo with Google and OAuth2-Proxy

Configure and start oAuth2-proxy on docker

1. Obtain the necessary Cookie Secret ( To generate cookie-secret, see OAuth2 Proxy Overview).
2. Obtain the Client ID and Client Secret from the Google API Console. Follow Google’s OAuth 2.0 guide to retrieve these credentials.

3. Run the OAuth2-Proxy with the following Docker command:

   docker run -p 4180:4180 quay.io/oauth2-proxy/oauth2-proxy:latest \
                --http-address=0.0.0.0:4180 \
                --email-domain=* \
                --cookie-secure=false \
                 --cookie-secret=CookieSecret \
                 --upstream= http://host.docker.internal:8080/ \
                --provider=google \    
                 --client-id=ClientID \
                 --client-secret=ClientSecret \
                --pass-authorization-header=true \
                --pass-access-token=true \
                 --pass-basic-auth=true

   Note:
   Replace ClientID, ClientSecret, and CookieSecret with your actual credentials.

4. After authenticating with Google, the OAuth2-Proxy forwards all authenticated requests to the upstream server (http://127.0.0.1:4180/), which will redirect to the Tomcat default page, so you need to modify the index.jsp in (tomcat/webapps/ROOT/index.jsp) to turn it to the plugin web service to do the log in. Replace the page with:

   <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
   <html>
   <head>
       <title>JSP Redirect</title>
       </head>
       <body>
          <%
             String redirectURL = "http://127.0.0.1:4180/jw/web/json/plugin/org.joget.plugin.marketplace.JsonWebTokenDirectoryManager/service";
             response.sendRedirect(redirectURL);
           %>
       </body>
   </html>

5. Start Tomcat. Once Joget starts, import the plugin.
6. Go to Directory Manager Settings and select JSON Web Token Directory Manager - 7.0.0.
7. Configure the plugin with the appropriate settings. Make sure to enable Debug Mode for troubleshooting if needed.
   
8. Now, you can access the login page and sign in with OAuth2 Proxy by navigating to http://localhost:4180/jw and click Sign in with Google.
   

Download plugin

• JWT Authentication Plugin